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REMARKS/ARGUMENTS 

Applicant would like to thank the Examiner for a telephone call on July 1 1 , 2006 
between the Examiner and the Applicant's undersigned representative. 

Claims 1-10 and 12-21 are pending in this Application. Claims 1,8, and 15 have 
been amended. Claims 1-10 and 12-21 remain pending in the Application after entry of this 
Amendment. No new matter has been added. 

In the Office Action, the Examiner objected to the disclosure as containing 
informalities needing appropriate correction. The Examiner rejected claims 1-10, and 12-21 on 
the grounds of statutory obviousness-type double patenting as being unpatentable in view of U.S. 
Patent No. 6,983,381 (hereinafter the "'381 patent"). The Examiner rejected claims 1-10, and 
12-21 under 35 U.S.C. § 1 12, second paragraph, as being indefinite. The Examiner rejected 
claims 1-4, 6-10, and 12-21 under 35 U.S.C. § 103(a) as being unpatentable over U.S. Patent No. 
6,952,781 to Chang et al. (hereinafter "Chang"), in view of U.S. Patent No. 6,148,404 to 
Yatsukawa et al. (hereinafter "Yatsukawa"), and in further view of U.S. Patent No. 6,732,269 to 
Baskey et al. (hereinafter "Baskey"). The Examiner further rejected claim 5 under 35 U.S.C. § 
103(a) as being unpatentable over Chang, in view of Yatsukawa, in further view of Baskey, and 
in further view of U.S. Patent No. 6,782,103 to Arthan et al. (hereinafter "Arthan"). 

Specification Objections 

Applicant respectfully traverses the objections to the disclosure and requests 
reconsideration and withdrawal of the objections. In the Office Action, the Examiner makes the 
allegation that the Application appears to be a divisional of U.S. Provisional Patent Application 
No. 60/262,875, filed Jan. 17, 2001, and requests language to be added to the disclosure 
identifying the Application as a divisional application of a provisional application. Applicant, 
however, points the Examiner's attention to 35 U.S.C. § 1 19 Benefit of earlier filing date; right 
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of priority, 37 C.F.R. § 1.78 Claiming benefit of earlier filing date and cross-references to other 
applications; and M.P.E.P. § 201.1 1 Claiming the Benefit of an Earlier Filing Date Under 35 
U.S.C. 120 and 119(e). In particular, M.P.E.P. § 201.1 1(III)(B), second paragraph, states: 

The relationship (i.e., continuation, divisional, or continuation-in-part) is not required and 
should not be specified when a prior provisional application is being claimed under 35 U.S.C. 1 19(e). No 
relationship should be specified because whenever a priority claim to a provisional application under 35 
U.S.C. 1 19(e) is made, it is implicit that the relationship is "nonprovisional application of a provisional 
application." (Emphasis added). 

In response, however, Applicant has amended the disclosure to include a cross- 
reference to related applications that also claim priority to the U.S. Provisional Patent 
Application No. 60/262,875. Therefore, Applicant requests reconsideration and withdrawal of 
the objections. 

Double Patenting Rejections 

In the Office Action, the Examiner quotes M.P.E.P. § 804 ]f 8.33 Basis for 
Nonstatutory Double Patenting. However, the Examiner in paragraph 7 of the Office Action 
rejected claims 1-10 and 12-21 on the grounds of statutory obviousness-type double patenting in 
view of U.S. Patent No. 6,983,381 (hereinafter the "'381 patent"). In the telephone call of July 
11, 2006, the Examiner clarified the double patenting rejection as nonstatutory obviousness-type 
double patenting. Applicant is willing to consider filing a terminal disclaimer once all pending 
claims are indicated as otherwise allowable. 

Rejections Under 35 U.S.C. $ 112, Second Paragraph 

The Examiner rejected claims 1-10, and 12-21 under 35 U.S.C. § 112, second 
paragraph, as being indefinite. Specifically, the Examiner states that the phrase "first 
communications channel" is indefinite because the word "first" is not followed by the words 
"second" or "next" communication channel. 
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In response, Applicant has amended claims 1,8, and 15 to remove the word 
"first." Applicant thanks the Examiner for her helpful suggestion. Therefore, Applicant requests 
reconsideration and withdrawal of the corresponding rejections. 

Rejections Under 35 U.S.C. $ 103(a) 

Applicant respectfully traverses the rejections and requests reconsideration and 
withdrawal of the rejections based on Chang, Yatsukawa, and Baskey. In the Office Action, the 
Examiner rejected claims 1-4, 6-10, and 12-21 under 35 U.S.C. § 103(a) as being unpatentable 
over Chang, in view of Yatsukawa, and in further view of Baskey. The Examiner makes the 
allegation that the combination of references teach or disclose all of the claimed limitations of 
the corresponding claims and that one having ordinary skill in that art at the time of the invention 
would have been motivated to incorporate the teachings of Chang with the teachings of 
Yatsukawa and Baskey. 

Applicant further respectfully traverses the rejections and requests reconsideration 
and withdrawal of the rejections based on Chang, Yatsukawa, Baskey, and Arthan. The 
Examiner rejected claim 5 under 35 U.S.C. § 103(a) as being unpatentable over Chang, in view 
of Yatsukawa, in further view of Baskey, and in further view of Arthan. 

Applicant respectfully submits that the Examiner has not established a prima facie 
case of obviousness in the Office Action. To establish a prima facie case of obviousness, three 
basic criteria must be met. First, there must be some suggestion or motivation, either in the 
references themselves or in the knowledge generally available to one of ordinary skill in the art, 
to modify the reference or to combine reference teachings. Second, there must be reasonable 
expectation of success. Finally, the prior art reference, or references when combined, must teach 
or suggest all of the claim limitations. 

Applicant submits that Chang, Yatsukawa, and Baskey, either individually or in 
combination, fail to teach or suggest at least one of the claimed limitations from each of the 
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corresponding claims 1-4, 6-10, and 12-21. Applicants further submit that Chang, Yatsukawa, 
Baskey, and Arthan, either individually or in combination, fail to teach or suggest at least one of 
the claimed limitations from the corresponding claim 5. 



Claim 1 

Claim 1 is directed to a computer program product for a client computing system 
including a processor. As recited in claim 1 , the computer program product includes codes 
residing on a tangible media. The codes direct the processor to perform various operations 
recited in claim 1 . As recited in claim 1 , the processor requests a challenge from an 
authentication server. As recited in claim 1 , the processor receives the challenge from the 
authentication server via a secure communications channel. The challenge recited in claim 1 
includes a password that is inactive . As recited in claim 1 , the processor receives user 
authentication data from a user. As recited in claim 1 , the processor determines a private key 
and a digital certificate in response to the user authentication data. 

As further recited in claim 1 , the processor forms a digital signature in response to 
the password that is inactive from the authentication server and the private key. As recited in 
claim 1 , the processor communicates the digital signature to the authentication server. As recited 
in claim 1 , the processor communicates the digital certificate to the authentication server. The 
digital certificate recited in claim 1 includes a public key in an encrypted form. As recited in 
claim 1 , the processor communicates network user authentication data and the password that is 
inactive to the authentication server via a security server. The authentication server recited in 
claim 1 then activates the password that is inactive when the digital signature is verified. 

Applicant respectfully disagrees with the Examiner's assertions that claim 1 is 
made obvious by the combination of Chang, Yatsukawa, and Baskey. 

Chang discloses techniques for establishing a plurality of sessions between a 
client and a server based on a single input of user authentication information. In Chang, an 
authentication server receives a request including identification information from the client to 
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establish a connection between the client and the server. If it is determined that the connection 
between the client and the server should be established, the authentication server caches the 
identification information in memory and the connection is allowed. Subsequent connection 
requests from the client to the server may be established based on the cached identification 
information without further input from the client or user. (Chang: Abstract). 

Applicant submits that Chang does not teach or suggest receiving a challenge 
from an authentication server as recited in claim 1 , where the challenge includes a password that 
is inactive. Applicant further submits that Change does not teach or suggest activating the 
password as recited in claim 1 . Instead, Chang merely discloses communicating user 
identification information from a client system to an AAA server . (Chang: FIG. 3, element 304). 
In Chang, a token card generates a series of random one-time passwords (OTPs). (Chang: Col. 
2, lines 15-20). The token card works in conjunction with a password server that independently 
generates OTPs in synch with the token card. (Chang: Col. 2, lines 32-33). The user-entered 
OTP of Chang is sent to the password server and then compared to an OTP independently 
generated in the password server. Thus, in Chang, the OTP generated by the password server is 
not provided to the user. Instead, the user provides the OTP generated by the token card to the 
password server. Additionally, nowhere does Chang disclose that the user-submitted OTP or the 
OTP generated by the password server are activated after being inactive as recited in claim 1 . 

Applicant disagrees with the Examiner's assertion that Table 2 of Chang discloses 
receiving a challenge from an authentication server as recited in claim 1 , where the challenge 
includes a password that is inactive. Table 2 of Chang illustrates steps take by a client and AAA 
server to result in the expiration of user identification information due to the expiration of a 
cache time-out value. At each of the times 0, 2, and 65 in Table 2 of Chang, the user JOE 
supplies the OTP from a hand-held card to an AAA server in a request to establish a session. 
The user supplying the OTP from the hand-held card and the CHAP password in Chang does not 
teach or suggest receiving a challenge from an authentication server as recited in claim 1 , where 
the challenge includes a password that is inactive. 
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Applicant further disagrees with the Examiner's allegation that Table 2 of Chang 
discloses the authentication server activates the password as recited in claim 1 . Chang merely 
discloses that if the user JOE desires to establish another session within the cache time-out value 
period, the user JOE sends the AAA server the previously used OTP. The AAA server then 
compares the previously submitted OTP to the cached OTP at time 2 in Table 2 of Chang. 
Outside of the cache time-out value, the AAA server sends the user-submitted OTP to the token 
server for verification. Applicant submits that Chang does not teach or suggest that an 
authentication server activates the password as recited in claim 1 . 

Moreover, due to the nature of one-time passwords, any OTP submitted by the 
user JOE in Chang is invalid for use with the token server in subsequent authentications after a 
first successful authentication (see Chang: Col. 2, lines 15-28). Instead, in Chang, the previously 
used OTP is cached by the AAA server to allow for establishing subsequent connections using 
the expired OTP. Nowhere does Chang disclose that the AAA server or the token server 
activates the previously used OTP. 

In the Office Action, the Examiner acknowledges that Chang does not teach or 
suggest the features of determining a private key and a digital certificate, communicating the 
digital certificate, and a secure communication channel as recited in claim 1 . The Examiner 
relies on Yatsukawa to teach the features of determining a private key and a digital certificate 
and communicating the digital certificate as recited in claim 1 . The Examiner relies on Baskey 
to teach the feature of a secure communication channel as recited in claim 1 . However, 
Applicant submits that Yatsukawa and Baskey fail to cure the deficiencies of Chang. 

Applicant submits that Yatsukawa does not supply the missing claim limitation of 
receiving a challenge from an authentication server as recited in claim 1 , where the challenge 
includes a password that is inactive. Not all limitations of claim 1 can be found in the 
combination of Chang and Yatsukawa. As discussed in previous responses, Yatsukawa discloses 
that a client generates authentication data D by enciphering the seed data DsO stored at the client 
(e.g., in the storage medium) by the client private key K, and then authentication data D is sent to 
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the server. (Yatsukawa: Col. 16, lines 57-60). Additionally, DsO determined in the 
authentication server in Yatsukawa is not inactive and then activated, but once determined, is 
always active. Thus, Applicant submits that Yatsukawa does not teach or suggest receiving a 
challenge from an authentication server as recited in claim 1 , where the challenge includes a 
password that is inactive. Applicant further submits that Yatsukawa does not teach or suggest 
activating the password as recited in claim 1 . 

Applicant further submits that Baskey does not supply the missing claim 
limitation of receiving a challenge from an authentication server as recited in claim 1 , where the 
challenge includes a password that is inactive. As the Examiner relies on Baskey in the Office 
Action to teach SSL communications, nowhere has the Examiner pointed to where Baskey 
teaches receiving a challenge from an authentication server as recited in claim 1 , where the 
challenge includes a password that is inactive. Applicant further submits that Baskey does not 
teach or suggest activating the password as recited in claim 1 . 

In light of the above, Applicant submits that the combination of Chang, 
Yatsukawa, and Baskey do not teach or suggest all of the claimed limitations recited in claim 1 . 
Thus, Applicants submits that claim 1 is allowable. 

Claims 2-4, 6-10, and 12-21 

Applicant submits that independent claims 8 and 15 are allowable for at least a 
similar rationale as discussed above for the allowability of claim 1 . Applicant further submits 
that dependent claims 2-4, 6-7, 9-10, 12-14, and 16-21 are allowable for being dependent on 
independent claims containing allowable subject matter. Applicant further submits that the 
dependent claims are allowable for additional reasons as the dependent claims recite features not 
found in the independent claims. 
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Claim 5 

Applicant submits that dependent claim 5 is allowable for being dependent on 
allowable independent claim 1 . In the Office Action, the Examiner relies on Arthan to teach 
changing a private key when authentication is incorrect. However, Applicant submits that 
Arthan does not cure the deficiencies of Chang, Yatsukawa, and Baskey. 

Applicant submits that Arthan does not supply the missing claim limitation of 
receiving a challenge from an authentication server as recited in the independent claim 1 , where 
the challenge includes a password that is inactive. Not all limitations of claim 5, which depends 
from claim 1, can be found in the combination of Chang, Yatsukawa, Baskey, and Arthan. 
Therefore, while the Examiner relies on Arthan to teach changing a private key when 
authentication is incorrect, Arthan does not teach or suggest receiving a challenge from an 
authentication server as recited in the independent claim 1 , where the challenge includes a 
password that is inactive. Thus, the combination of Chang, Yatsukawa, Baskey, and Arthan does 
not teach or suggest claim 1 . As dependent claim 5 dependents from claim 1 , Applicant submits 
that claim 5 is allowable. 
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CONCLUSION 

In view of the foregoing, Applicant believes all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 650-326-2400. 

Respectfully submitted, 

/Sean F. Parmenter/ 

Sean F. Parmenter 
Reg. No. 53,437 

TOWNSEND and TOWNSEND and CREW LLP 

Two Embarcadero Center, Eighth Floor 

San Francisco, California 941 1 1-3834 

Tel: 650-326-2400 

Fax: 650-326-2422 

SFP:am 
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